| F E A T U R E|
The 10 Most Important People of the Decade
Number 8: Elias Levy
October 2, 2000
By Greg Shipley
So what has this 26-year-old from Venezuela done to earn a place on our list? For the past four years, he's guided the single most powerful source of security information in the world today: the BugTraq mailing list. Through BugTraq, Levy has helped educate hundreds of thousands of system administrators, network engineers and developers across the planet, while miraculously remaining free from vendor and political bias. Not bad for 26.
Apart from BugTraq, Levy has contributed greatly to awareness about system vulnerabilities. For example, his article "Smashing the Stack for Fun and Profit," which appeared in Issue 49 of the underground online magazine Phrack (www.phrack.com), sparked numerous system attacks as well as the creation of defenses against them. The idea is simple: If the information exists, make it public. Better to have it out in the open than in the hands of a few "bad guys."
As moderator of the BugTraq mailing list, Levy has carved out a unique position from which he has worked to mitigate the chaos that has surrounded the past 10 years of computer security. His relentless objectivity has earned the unwavering respect of peers and vendors alike. Because of BugTraq, an entire industry has changed the way it does business. And, as can be expected, the faithful see BugTraq as so much more than an e-mail list. In fact, BugTraq is nothing short of a movement that has shifted the balance of power from vendors to customers.
Before BugTraq, customers that encountered security-related bugs were limited to direct communication with their vendors. Frequently, bugs and security complaints were denied or simply swept under the carpet by the vendors in question, which would dismiss a potentially hazardous bug as trivial or "theoretical." When bugs were fixed, vendors often didn't inform their customers, which meant a customer would have to submit a complaint before receiving the fix. When Scott Chasin founded BugTraq in 1993, security-related information was brought out into the open, and the community's voice became united. BugTraq revolutionized not only how vulnerabilities were discussed, but how vendors responded.
Levy took the reigns as BugTraq moderator in 1996. While he could have served merely as the gatekeeper of message threads, instead he has worked hard to keep the list focused, responding to offline discussions and continuing to fight for the full-disclosure nature of the list. When speculation arose regarding a U.S. World Intellectual Property Organization (WIPO) bill bringing about the end of BugTraq, Levy was the first to proclaim that BugTraq would live on no matter what--outside U.S. borders if necessary. His lack of bias and his determination have helped keep BugTraq alive and vital.
BugTraq has published just about every security issue that's hit the Internet thus far, often discussing the issue weeks or even months before its effects are felt by the majority of the world. While cryptography has yet to stop Internet break-ins and no security product introduced to date can protect us from the most highly skilled intruders, we can nevertheless arm ourselves with one of the most powerful weapons in existence: education. Whether setting the record straight in a public forum or painstakingly explaining complex concepts (such as sticky bits in a private e-mail message), Elias Levy is the driving force behind these works.